A firewall is an essential part of any network security setup. It is a device – either hardware or software – that sits on the boundary of a network and monitors the incoming and outgoing network traffic. The role of different types of firewalls is to review each network request and test it against its set of defined rules.
Every request that fails the test is considered a threat and thus blocked from either entering or leaving the network.
Thus, the firewall acts as a vital first line of defence against network threats. It guards the boundary between your carefully protected network environments and the outside world, such as the Internet at large.
What are the types of firewalls?
Firewalls are not all the same. There are various firewalls, each with a specific set of features and purposes. By understanding the types of firewalls, you will have a clearer understanding of which type of firewall your organization needs.
Proxy firewalls were the original firewall models, implemented in the early days. Proxy firewalls are highly application-specific and act as the secure gateway between the networks that the application is a part of.
Proxy firewalls can be enhanced with supporting features such as content caching and stricter monitoring. However, proxy firewalls are somewhat primitive: once they block direct connections to the application from outside the network, they do not have the flexibility to selectively allow access. Thus, they can impact the expected output of the application.
Stateful inspection firewalls
Next, we have the stateful inspection firewalls. These are programmed to allow or block network traffic depending on the state, port, and protocol of the network connection. When implemented, a stateful inspection firewall scans all activity on an active network connection,
These firewalls decide whether to allow or block traffic based on admin-defined rules as well as the context of the network connection. What this means is that stateful inspection firewalls can “look back” on previous connections and traffic on the same connection to filter network traffic.
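The stateful behaviour described above, as an added example that is not part of the original article: a minimal Python sketch of a connection table that combines admin-defined port rules with per-connection context. The class and field names, the allowed ports and the simplified TCP handling (a FIN or RST ends the connection immediately) are assumptions made for illustration.

```python
# Added illustration: a minimal stateful packet filter, not a real firewall.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str          # only "tcp" is modelled in this sketch
    flags: frozenset    # e.g. frozenset({"SYN"})
    outbound: bool      # True if the packet is leaving the protected network

# Admin-defined rules (constructed): protocol/port pairs inside hosts may open.
ALLOWED_OUTBOUND = {("tcp", 443), ("tcp", 53)}

class StatefulFirewall:
    def __init__(self):
        # (inside_ip, inside_port, outside_ip, outside_port, proto) -> state
        self.conns = {}

    def _key(self, p):
        # Map both directions of one connection to the same table entry.
        if p.outbound:
            return (p.src, p.sport, p.dst, p.dport, p.proto)
        return (p.dst, p.dport, p.src, p.sport, p.proto)

    def decide(self, p):
        key = self._key(p)
        state = self.conns.get(key)
        if state is None:
            # No context yet: only an outbound SYN matching a rule creates state.
            if p.outbound and p.flags == {"SYN"} and (p.proto, p.dport) in ALLOWED_OUTBOUND:
                self.conns[key] = "SYN_SENT"
                return "allow"
            return "block"
        if "RST" in p.flags or "FIN" in p.flags:
            del self.conns[key]      # connection is over: forget its context
            return "allow"
        if state == "SYN_SENT":
            # Only the peer's SYN+ACK may complete the handshake.
            if not p.outbound and p.flags == {"SYN", "ACK"}:
                self.conns[key] = "ESTABLISHED"
                return "allow"
            return "block"
        return "allow"               # ESTABLISHED: either direction may pass
```

The same inbound packet is blocked or allowed depending only on what the table has already seen on that connection, which is the "look back" a stateless port filter cannot do.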
Unified threat management (UTM) firewalls
UTM firewalls are basically stateful inspection firewalls enhanced with intrusion prevention and antivirus capabilities. They are much more active in terms of filtering traffic.
UTMs are also capable of cloud deployments and handling cloud management. They were developed with the objective of improving usability and ease of maintenance.
Next-generation firewall (NGFW)
These are highly evolved firewalls that go well beyond simply filtering traffic requests and network monitoring. NGFWs can block the most modern network attacks such as advanced malware and application-layer threats.
Traditional Next Gen Firewalls can be enhanced further to offer advanced threat detection and even remediation. These NGFWs are deployed as threat-focused NGFWs, which can:
- Understand which network entities are most vulnerable.
- Respond to cyber incidents with rapid agility and self-driven intelligence.
- Detect with greater precision any and all suspicious activities across the network and device endpoints.
- Reduce the turnaround time of a threat removal once a network breach has been detected.
- Protect wider attack surfaces with integrated policies and single-point control across the network.
Virtual firewalls are geared for volatile cloud environments. A virtual firewall is a virtual appliance deployed in private or public cloud environments. Its job is to monitor and secure network traffic across tangible, established physical and virtual networks as well as ad-hoc cloud networks. Software-defined networks rely heavily on virtual firewalls for their security.